brooklynisburning.buzz
Open in
urlscan Pro
91.234.99.190
Malicious Activity!
Public Scan
Submission: On April 28 via api from CA
Summary
This is the only time brooklynisburning.buzz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic China (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 91.234.99.190 91.234.99.190 | 35196 (IHOR-AS) (IHOR-AS) | |
3 | 123.58.177.239 123.58.177.239 | 45062 (NETEASE-A...) (NETEASE-AS Guangzhou NetEase Computer System Co.) | |
5 | 103.129.252.34 103.129.252.34 | 137263 (NETEASE-A...) (NETEASE-AS-AP NETEASE HONG KONG LIMITED) | |
1 | 163.171.128.153 163.171.128.153 | 54994 (QUANTILNE...) (QUANTILNETWORKS) | |
2 | 2a00:1450:400... 2a00:1450:4001:81d::200e | 15169 (GOOGLE) (GOOGLE) | |
2 | 103.235.46.191 103.235.46.191 | 55967 (BAIDU Bei...) (BAIDU Beijing Baidu Netcom Science and Technology Co.) | |
27 | 7 |
ASN45062 (NETEASE-AS Guangzhou NetEase Computer System Co., Ltd., CN)
PTR: m239-177.yeah.net
mimghz.qiye.163.com |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)
hm.baidu.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
127.net
mimg.127.net yanxuan.nosdn.127.net |
60 KB |
3 |
163.com
mimghz.qiye.163.com mimg.qiye.163.com Failed mail.qiye.163.com Failed ssl.mail.163.com Failed analytics.163.com Failed ir.mail.163.com Failed |
31 KB |
3 |
brooklynisburning.buzz
brooklynisburning.buzz |
22 KB |
2 |
baidu.com
hm.baidu.com |
14 KB |
2 |
google-analytics.com
www.google-analytics.com |
18 KB |
27 | 5 |
Domain | Requested by | |
---|---|---|
5 | mimg.127.net |
brooklynisburning.buzz
|
3 | mimghz.qiye.163.com |
brooklynisburning.buzz
|
3 | brooklynisburning.buzz |
brooklynisburning.buzz
|
2 | hm.baidu.com |
brooklynisburning.buzz
|
2 | www.google-analytics.com |
brooklynisburning.buzz
|
1 | yanxuan.nosdn.127.net |
mimghz.qiye.163.com
|
0 | ir.mail.163.com Failed |
mimg.127.net
|
0 | analytics.163.com Failed |
brooklynisburning.buzz
|
0 | ssl.mail.163.com Failed |
brooklynisburning.buzz
|
0 | mail.qiye.163.com Failed |
brooklynisburning.buzz
|
0 | mimg.qiye.163.com Failed |
brooklynisburning.buzz
|
27 | 11 |
This site contains links to these domains. Also see Links.
Domain |
---|
qiye.163.com |
ss.cnnic.cn |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.nosdn.127.net GeoTrust CN RSA CA G1 |
2020-03-27 - 2022-06-26 |
2 years | crt.sh |
*.google-analytics.com GTS CA 1O1 |
2020-04-07 - 2020-06-30 |
3 months | crt.sh |
baidu.com GlobalSign Organization Validation CA - SHA256 - G2 |
2020-01-13 - 2020-06-25 |
5 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
Frame ID: 9EBAC4DE77D73F5394824BBD2120F50C
Requests: 27 HTTP requests in this frame
Screenshot
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Google Analytics (Analytics) Expand
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title: 帮助
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 21- http://www.google-analytics.com/analytics.js HTTP 307
- https://www.google-analytics.com/analytics.js
- http://www.google-analytics.com/r/collect?v=1&_v=j81&a=1804916641&t=pageview&_s=1&dl=http%3A%2F%2Fbrooklynisburning.buzz%2Fdkfjne%2F163%2Fqiye.163.logindomain.php&ul=en-us&de=UTF-8&dt=%E7%BD%91%E6%98%93%E4%BC%81%E4%B8%9A%E9%82%AE%E7%AE%B1%20-%20%E7%99%BB%E5%BD%95%E5%85%A5%E5%8F%A3&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=854078897&gjid=594957300&cid=888002685.1588105809&tid=UA-60729705-1&_gid=260171126.1588105809&_r=1&z=1363132924 HTTP 307
- https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1804916641&t=pageview&_s=1&dl=http%3A%2F%2Fbrooklynisburning.buzz%2Fdkfjne%2F163%2Fqiye.163.logindomain.php&ul=en-us&de=UTF-8&dt=%E7%BD%91%E6%98%93%E4%BC%81%E4%B8%9A%E9%82%AE%E7%AE%B1%20-%20%E7%99%BB%E5%BD%95%E5%85%A5%E5%8F%A3&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=854078897&gjid=594957300&cid=888002685.1588105809&tid=UA-60729705-1&_gid=260171126.1588105809&_r=1&z=1363132924
27 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
qiye.163.logindomain.php
brooklynisburning.buzz/dkfjne/163/ |
20 KB 21 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.7d2985bb.css
mimghz.qiye.163.com/o/mailapp/qiyelogin/style/css/ |
12 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-1.11.1.min.js
brooklynisburning.buzz/dkfjne/163/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.js
brooklynisburning.buzz/dkfjne/163/ |
378 B 633 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-1.8.1.min.js
mimg.127.net/p/tools/jquery/ |
91 KB 33 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
base_v3.js
mimg.127.net/index/lib/scripts/ |
23 KB 8 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
qiye_algorithm.js
mimg.qiye.163.com/o/index/lib/scripts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
logo.gif
mimg.qiye.163.com/o/public/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
getqrcode.do
mail.qiye.163.com/mailapp/commonweb/qrcode/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
netease_logo.gif
mimg.127.net/logo/ |
1 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
knet.png
mimg.127.net/logo/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
year.js
mimg.127.net/copyright/ |
23 B 438 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
httpsEnable.gif
ssl.mail.163.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
ntes.js
analytics.163.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.1a392b93.js
mimghz.qiye.163.com/o/mailapp/qiyelogin/js/ |
21 KB 21 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
login.png
mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
sprite.png
mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
speedbg.png
mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
codebg.png
mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
applogin_example.png
mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
stat.min.js
yanxuan.nosdn.127.net/hxm/yanxuan-analytics/common/js/ |
35 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
get.do
ir.mail.163.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ Redirect Chain
|
44 KB 18 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hm.js
hm.baidu.com/ |
38 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/r/ Redirect Chain
|
35 B 111 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
594.jpg
mimg.qiye.163.com/p/official_site/2018/img/11/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hm.gif
hm.baidu.com/ |
43 B 299 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- mimg.qiye.163.com
- URL
- http://mimg.qiye.163.com/o/index/lib/scripts/qiye_algorithm.js
- Domain
- mimg.qiye.163.com
- URL
- http://mimg.qiye.163.com/o/public/logo.gif
- Domain
- mail.qiye.163.com
- URL
- https://mail.qiye.163.com/mailapp/commonweb/qrcode/getqrcode.do?w=130&h=130
- Domain
- ssl.mail.163.com
- URL
- https://ssl.mail.163.com/httpsEnable.gif
- Domain
- analytics.163.com
- URL
- http://analytics.163.com/ntes.js
- Domain
- mimghz.qiye.163.com
- URL
- http://mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/login.png
- Domain
- mimghz.qiye.163.com
- URL
- http://mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/sprite.png
- Domain
- mimghz.qiye.163.com
- URL
- http://mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/speedbg.png
- Domain
- mimghz.qiye.163.com
- URL
- http://mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/applogin_example.png
- Domain
- ir.mail.163.com
- URL
- https://ir.mail.163.com/get.do?prod=qiyeMail&mod=4&_time=1588105808503&callback=gAd.callback
- Domain
- mimg.qiye.163.com
- URL
- https://mimg.qiye.163.com/p/official_site/2018/img/11/594.jpg
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic China (Online)70 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| log function| $ function| jQuery function| fCheckLoginNow function| fCheckAutoLogin function| fAutoLogin undefined| gbForcepc object| oAndroidRedirect function| fCheckBrowser function| fHtml5Tag function| fCheckCookie function| fGetQuery function| fGetQueryHash function| $id function| fTrim function| fParseMNum function| fCheckAccount function| fGetScript function| fGetCookie function| fSetCookie function| fEventListen function| fEventUnlisten function| fRandom function| fUrlP function| fResize function| fFQ function| fStartTime object| gUserInfo object| gVisitorCookie undefined| gMobileNumMailIsForbidden undefined| gMobileNumMailResult object| gMobileNumMail function| fEnData function| loginRequest function| getRnd undefined| DOMContentLoaded function| DOMREADY string| base64EncodeChars function| base64encode function| utf16to8 function| fGetLocator function| fSetGadIndex number| offset function| MobCallback boolean| bGettingAlgorithm object| gIndexAd number| gDocHeight function| resizeBody function| getQueryStr string| _ntes_nacc string| addresses function| fSpeedTest function| fSpd object| YXStat object| jQuery18109050648949938342 undefined| gAd.callback object| gAd string| GoogleAnalyticsObject function| ga object| _hmt object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| JSON3 function| onWebViewStatisticsDidAppear boolean| _bdhm_loaded_c5b84290a8ff010ee2699f3f4eaa21d6 object| mini_tangram_log_8non840 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
analytics.163.com
brooklynisburning.buzz
hm.baidu.com
ir.mail.163.com
mail.qiye.163.com
mimg.127.net
mimg.qiye.163.com
mimghz.qiye.163.com
ssl.mail.163.com
www.google-analytics.com
yanxuan.nosdn.127.net
analytics.163.com
ir.mail.163.com
mail.qiye.163.com
mimg.qiye.163.com
mimghz.qiye.163.com
ssl.mail.163.com
103.129.252.34
103.235.46.191
123.58.177.239
163.171.128.153
2a00:1450:4001:81d::200e
91.234.99.190
098ec9249cb3e97872e1862b4400b9db4c6622a4d089b64b752ffc73b3ef7a30
17add961a686edb5b25996bcc4e08a14e5e36b6a1796ffbbb9cc751e7ca97ac8
18fd0aab2eecc8cef072a5b167f40da282cfb3f0e73f6a4f5a49080ec93d88f1
1f994bb7bfddfc2279182afe5beede13efe737b62a114b72146a8e2ca60d4bc2
5dc409f6561b42c254ead2c29f5facb188c3e95fd6399a8fa76217ef0868010a
8305dfa05e7ee9e7e6a389193b23ee62afb0148f845a6fd89d7b76199718ce0e
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8696828c26cab79a60130d39242aa14bbcc38181ec2cfcb4320d5100f82fbf9e
a0ceb7edc5991f85a9613588811fee01502816f4a31ed92b19b348c07854f052
a1305347219d673cc973172494248e557ce8eccaf65af995c07c9d7daed4475d
b13de2eb10e93a66f6332b6ccb258bcf1502362a89b91c16f78ea425562e40a0
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d25d2066af8d3c8dcd207de3f3253328c0b767c18907a96bd5cf681df9b1fc71
e2b40b89439fa8cff19153f2cfc20061ead316635d62e596773ea008a45d13df
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d